I have checked "Don't ask for password on login" in Users Settings, it's convenient, but also makes the Lock Screen useless for the skilled users who can access my computer in local. What I don't is that if some guys on the internet trying to loggin my username which is in use or not, are they asked for the root password or not?
First, by default Ubuntu system does not permit remote logins at all. That should be done explicitly, say, one installs ssh server or sets up xRDP, or vnc (Ubuntu's 'Desktop sharing'), etc. If you did not do that, there could not be any risk.
Then, so called passwordless logins or autologins are provided and handled by login greeters. They are local, they are unrelated to the remote access software and do not serve remote connections.
Finally, my opinion is that local autologin does not introduce any risks related to (possible) remote connections.
I agree with @ugnvs assessment.